Zero-Day Exploitation in KnowledgeDeliver LMS — BleepingComputer

Hackers have exploited a critical zero-day vulnerability in the KnowledgeDeliver learning management system to install web shells. This vulnerability allows remote attackers to execute arbitrary code on affected systems. Security teams should prioritize patching and monitor for signs of exploitation, such as unusual web shell activity, to protect their infrastructure from potential breaches.

CISA Orders Immediate Patching of SharePoint and Drupal Vulnerabilities — Dark Reading

Microsoft has issued an out-of-band patch for a critical remote code execution vulnerability in SharePoint (CVE-2026-45659). Concurrently, CISA has directed U.S. government agencies to patch an actively exploited SQL injection vulnerability in Drupal (CVE-2026-9082). Both vulnerabilities pose significant risks, potentially allowing attackers to gain unauthorized access to sensitive data. Security teams must apply these patches urgently to mitigate exploitation risks.

• Charter confirms data breach after ShinyHunters extortion threat [BleepingComputer]
• The Hackers Behind Shai-Hulud: Lucky or Skilled? [Dark Reading]
• Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos [Dark Reading]
• MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries [The Hacker News]
• Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions [The Hacker News]